TorrentPrivacy secures your BitTorrent traffic

Sounds great but im going to wait & heard some feed back before i get it....

Yeah, I'll wait before I buy it for feedback.

edit : I was too impatient and decided to order a week trial lol, but they don't take debit cards! Arg.
They ought to take paypal.

Originally posted by Mik3h:

---

Yeah, I'll wait before I buy it for feedback.

edit : I was too impatient and decided to order a week trial lol, but they don't take debit cards! Arg.
They ought to take paypal.

---

Get that Paypal plugin for your browser. I was told that it works even for places that don't except Paypal. It generates a credit number for and applies it to any purchase form. That's an option if you haven't tried that.

Guys,

glad that Afterdawn found our service interesting for an article. Feel free to ask me about the Torrentprivacy service.

As for Paypal it's available for 99,95 payment at the moment. Micropayments 2,95 and 9,95 will be available through paypal by the end of August. Stay tuned!

Alex,
You're secured by
Torrentprivacy.com

Ok sounds great minus one issue..

If you block your isp from looking at your network address on your computer the isp will automaticly ban your account this is true not only with comcast but even with qwest and others.

Originally posted by susieqbbb:

---

Ok sounds great minus one issue..

If you block your isp from looking at your network address on your computer the isp will automaticly ban your account this is true not only with comcast but even with qwest and others.

---

Let me correct you - you don't block your ISP from looking at your network. You just encrypt the bittorrent traffic like VPN or SSH session. ISP sees the session, but he doesn't know what's happening inside.

Is it possible to use this on more than one computer without having to buy another rental period? I would like to think that If I buy a month, I can protect all the computers in my house with the software?

Originally posted by Mik3h:

---

Is it possible to use this on more than one computer without having to buy another rental period? I would like to think that If I buy a month, I can protect all the computers in my house with the software?

---

You can use it on as much computers as you want, but there is a limit to one session per user. So if you like to use it on 2 computers at one time - you have to purchase one more account.

Originally posted by TPrivacy:

---

Originally posted by susieqbbb:

---

Ok sounds great minus one issue..

If you block your isp from looking at your network address on your computer the isp will automaticly ban your account this is true not only with comcast but even with qwest and others.

---

Let me correct you - you don't block your ISP from looking at your network. You just encrypt the bittorrent traffic like VPN or SSH session. ISP sees the session, but he doesn't know what's happening inside.

---

Azureus does that for free anyway.. never mind..

How does it block your IP from the tracker. Short tests have shown that our test IP is still appearing in the swarm. It does masquerade an IP as far as the modem, but outside ip remains the same.

Quote:

---

Originally posted by TPrivacy:

---

Originally posted by susieqbbb:

---

Ok sounds great minus one issue..

If you block your isp from looking at your network address on your computer the isp will automaticly ban your account this is true not only with comcast but even with qwest and others.

---

Let me correct you - you don't block your ISP from looking at your network. You just encrypt the bittorrent traffic like VPN or SSH session. ISP sees the session, but he doesn't know what's happening inside.

---

Azureus does that for free anyway.. never mind..

How does it block your IP from the tracker. Short tests have shown that our test IP is still appearing in the swarm. It does masquerade an IP as far as the modem, but outside ip remains the same.

---

Please read more about Azureus features and about Torrentprivacy ones and you will realise that encryption which some bittorrent clients have is only to circumvent traffic throttling and not for security while SSH protocol has strong 128 bit encryption All data sent and received during the connection via secure SSH tunnel is extremely difficult to decrypt and read.

That may be.. but most isp's don't care about what you are doing. Minimal encryption is enough to deter them, you can add higher level encryption if you chose.. That wasn't actually my point anyway http://www.out-law.com/page-8515

The information about what you are downloading is sourced by spiders which scan the swarms on the trackers and collect IP's.. Those IP's are handed to the content owners who then contact the ISP to hand out the warning letters, or pass your information back leading to legal action.

We didn't see your software in any way preventing this from happening. Our IP was still displayed openly on the swarm details returned from the tracker.

Let me explain you more - while you're going through SSH encrypted tunnel you're relayed through one of our server where you're getting new IP.

If you existing Torrentprivacy user you can test our software: we have a feature when you're getting test torrent and then download it without/with Torrentprivacy and we will tell you the IP from what torrent was downloaded. With torrentprivacy you have another IP address.

Also I would advice you to read latest news about lawsuits to see what's happening here and do providers care about it or not:

http://www.torrentprivacy.com/index.php?mod=news

Regards for interesting discussion,
Alex.

OK.. thanks.. will test that feature and then do another live test on a public tracker. Maybe we have something configured wrong.

If it cloaks your IP address, I can't see many private trackers being too happy with that.

edit : Saying that, I couldn't really care less what private trackers think, I share private tracker accounts with over 10+ people, so I'm not particularly bothered, and I'm sure it won't make a difference since trackers rarely enforce the account sharing rule.

This looks like an awesome service but I just have one quick question: Any chance of this coming out for Macs?

In the meantime, can anyone suggest a comparable service or product that does work on Macs?

I wish the company luck with this idea.

I will be interested to see how this plays out in the courts once the recording companies start finding out about this. Since it will be their IPs that are logged as downloading the content, "illegal" or not. There has to be some loophole in the law that is being exploited for Torrentprivacy to risk being sued. That or they are in a country that is shielded from being sued, in which case is genius. :-)

Someone needs to read the EUA, to see if there is anything in the fine print.

Originally posted by NexGen76:

---

Sounds great but im going to wait & heard some feed back before i get it....

---

I'll probably do the same thing and wait until real feedback is available.

I'm curious what country this is based in?

Im going to try this out and if its noo good ill just delete it :)

You should host it in some kind of remote island like torrentleech does, and like pirate bay (they have other servers apart from swedish.

I think torrentprivacy is only hosted in europe, US, and canada, I'll wait for TPrivacy to correct me though.

Yup.. our config error was on our security software blocking proxy redirects. It works as advertised once we cleared that up.

Can't connect to certain private trackers that scan for proxy connections, and the ones we could seemed to suffer about a 60% reduction in speed.... Public tracker wise.. it seems to work fine. At a price of about 50% of a newsgroup account it seems like fair value for money, but I'm a little worried about the proxy server locations being open to seizure and containing all your details logged neatly.... just like happened to Oink.

Originally posted by varnull:

---

seemed to suffer about a 60% reduction in speed....

---

Thats alot of reduction in speed.I wonder does it linkup with Bitsoup? Thxs for the info Varnull.

The thing I'm worried about most is your servers being raided. I mean, fair enough you have them in 3 locations, but Europe - OinK was raided here. US - countless trackers raided here. Canada - Not much better.

I'm very interested in TorrentPrivacy, but I'm not sure if I completely believe them when they say they don't keep any logs of anything. It seems like another company that'll eventually get sued and have all their server records or whatever confiscated for the MPAA and OR RIAA which could put allot of people in even more trouble than if they never even used the program.

10$ seems pretty steep when you can add the cost of a starbucks cup of coffee and head over to newsgroups.

Even if TorrentPrivacy doesn't store data, what's to keep the mpaa from raiding and logging current/future data of their own? This product would definitely make it easier for busting people in bulk and it will be on their radar if it becomes mainstream.

Just say NO to public trackers & limewire/kazzaa

Quote:

---

Quote:

---

Originally posted by TPrivacy:

---

Originally posted by susieqbbb:

---

Ok sounds great minus one issue..

If you block your isp from looking at your network address on your computer the isp will automaticly ban your account this is true not only with comcast but even with qwest and others.

---

Let me correct you - you don't block your ISP from looking at your network. You just encrypt the bittorrent traffic like VPN or SSH session. ISP sees the session, but he doesn't know what's happening inside.

---

Azureus does that for free anyway.. never mind..

How does it block your IP from the tracker. Short tests have shown that our test IP is still appearing in the swarm. It does masquerade an IP as far as the modem, but outside ip remains the same.

---

Please read more about Azureus features and about Torrentprivacy ones and you will realise that encryption which some bittorrent clients have is only to circumvent traffic throttling and not for security while SSH protocol has strong 128 bit encryption All data sent and received during the connection via secure SSH tunnel is extremely difficult to decrypt and read.

---

This will be poor, SSH can be de-crypted easily.

You simply packet sniff the connection to grab the keys for the packets once you have that you simply de-crypt the packets, there's software you can get for free that will handle the sniffing the finding the keys then opening up the packets then placeing any info you want into a folder for going over at a later date.

Seeing as you have only have X amount of connections for the SSH connections it'd be quite easy to just sniff through the tunnels made.

SSH isn't intended for extended packet streams it's made so that the 1 packet that holds your credit card number etc will be harder to find and then grab from the packet, a check-out session works prefect for SSH connections because you'll have heaps of packets with usless info and only 1 encrypted packet will hold the right data.

but again you can get this data if you packet sniff the whole session, though using SSh for a check-outs with millions of streams and only 1 packet holding the data would be pointless for most people so they wouldn't bother going through the effort unless they are after that data.

Your idea is all tied to a central connection and then a bittorrent session can last for days so wouldn't be hard to pick up keys and then grab data and files out of a session.

At least with a current bittorrent session your some what protected in that your sending packets all over the place at the time so people can't get a good chuck of data where as SSH would allow for this to happen as your tunneling in and out the 1 tunnel.

The TOR network has the extact same problem it's all encrypted inside the network but the packets have to come out into the open and people simply packet sniff the entry/exit TOR servers to see what people are doing.

Everything is logged and can be tracked online, your clearly kidding yourself if you really think a SSH tunnel will stop media sentry from packet sniffing your connection they already do that on the other network and to an extend on the bit torrent trackers.

@xtago:
I think you underestimate the security of SSL. You can't just "grab the keys" and decrypt the stream. SSL uses a public key infrastructure that allows anyone to encrypt information to send to a party, but only allows that party (who has the private key that corresponds to the public key) to decrypt it.

But that's kind of a moot point for most people here, since the big issue is not concealing what's being transferred, but who's transferring it.

Originally posted by nonoitall:

---

@xtago:
I think you underestimate the security of SSL. You can't just "grab the keys" and decrypt the stream. SSL uses a public key infrastructure that allows anyone to encrypt information to send to a party, but only allows that party (who has the private key that corresponds to the public key) to decrypt it.

But that's kind of a moot point for most people here, since the big issue is not concealing what's being transferred, but who's transferring it.

---

Hate to break it to you, but yes you can crack it and you can get programs which will do it all for you.

See the Server key [secured digital certificate] for the server is produced by the server which ends up being the same for everyone and it can be verified but only by a seprate party.

A server trusted certificate will last for a few hours or a year or two, the server owner slects how long it will last for, these also need to be vilidated everytime a new one is produced other wise it won't be viliad anymore.

These 3rd parties are called trusted certificate authority, these are verisign etc.

The Server owner basicly pays money to these companies to simply say yep, the server's IP and web address and key are the correct at this time, as the server keys can be spoofed if they arn't checked and make any browser think it's at the correct server even though it's not.

In a browser this is simply the lock icon, people don't check the keys themselves, just assume the lock means everything is correct and safe and for big companies this would normally be correct but sometimes it's not the case for little companies nor phishing/spoof sites.

So for you to get the server key you have to have the trusted certificate in the first place to start SSL, and in the first or close to the first packet your browser will send your end user key to the server, if a trusted certificate authority doesn't check the server certificate, you'll be asked if you wish the accept the server key/trusted certificate before you can start a SSL session.

As I said before your credit card details won't be in the packet with your end user key but another packet that could be 10,000 packets after your end user key was sent to the server.

So basicly with SSL what your replying on is that someone hasn't grabbed the 2 keys( well your end user key at least as the server key is easy to get) at the start but if they did start sniffing packets that they have started after your keys were sent around the net, thus the packet with your credit card details is all encrypted and even if they got that packet hopefully they can't decrypt that 1 packet.

but if you packet sniffed for say 2 months straight trust me with the right programs you'll have plently of credit card numbers etc fairly easy you would need the data space to hold all that info though.

SSL is only basic protection for web shops basicly your SSL session should be only long enough to send your private data+credit card data, basicly say it's only 100 packets long not gigs and gigs of packets that you'd get using torrents also everyone would require your keys etc to get the data anyway.

As someone said before the encryption option in torrent client programs is somewhat based on SSL in that the encryption is the same across all programs bar a couple where you can select what encryption you want to use.

it's just doesn't use 128bit keys.

Though as you say all they need is the IP at the end of the day.

The key that one would need to decrypt the stream is never transferred, so how would a packet sniffer grab it? I'm not implying that SSL is the solution to anonymity problems at all, but I've written network and cryptography functions before and your approach to compromising an SSL stream doesn't make sense to me. (Anyway, I think we're getting a little off-topic here. :-P)

I can't jump into the tech discussion, I don't know, but this discussion should be on fire.

Where'd the TPrivacy guy go?

Do you techies see the BTGuard service using 256bit AES as being a better solution? They really offer little info on thier service.

They are a small amount cheaper.

TPrivacy have you abandoned this discusion?

The private trackers I am member to would draw very little attention of law enforcement with thier very old and odd offerings in films so I'd just use an uncloaked utorrent for those.

Public trackers are indispensable though. I (we) can't all get those hot exclusive memberships and often hard to find software is only on the public trackers. I've been member to many of the best but if there's no Parking alowed I've long lost my membership never to regain it.

One off topic question, briefly, is Demonoid considered private at this time?

Feedback of users of the service appreciated greatly.

I'd use TorrentPrivacy even when downloading from private trackers. You can never be sure who's a member there. Even if the servers are raided your IP is still cloaked on their logs.

OK after having read the comments ,can any one say if this really works like it says and is worth the money?

Originally posted by barry6521:

---

OK after having read the comments ,can any one say if this really works like it says and is worth the money?

---

When they start accepting paypal for "micro payments" I'll try it out.

I dunno Mike.. there seems to be a trust issue here which is larger than the matter of data security/encryption.

My associate paid a month just to test it out which we have. The speed hit we observed was worrying as these days you really want to hit and run on public trackers instead of hanging about for days with the way the ISP's are logging everything. You can bet they have the resources and software to crack simple public key encryption.. it just takes enough processing power (how big is virgin medias potential cluster?) thrown at it and there you have it... plus even through a proxy your IP (or it's hash) is still in the header so the proxy server knows where to send the packets ;) I have software to reverse engineer IP's from server hashes, and I'm sure the ISP's do too.

I just purchased the first month of this service, and I seem to have everything up and running as indicated on the TorrentPrivacy website. I'm a non-technie when it comes to networking, so I don't really know if this is worthwhile or not.

I have a question. Varnull reported on 8/12 in this thread that he had a setting in his security software that was essentially blocking proxy redirects. He said he could still see his IP address in the swarm until he fixed that setting. How can I go into the swarm to verify the absence of my IP address to make sure I'm not having the same problem?

BTW, I'm currently running through their Canadian site (I live in the Southern US). I've tried all 3 locations, and the speed appears to be a little better for me through the Canadian site. I'm also a little hesitant to run it through the US site anyway in case their servers are raided. Maybe I'm being too paranoid.

I'm currently using the service to upload and download torrents that are using Demonoid and TPB trackers.

Thanks for any info and updates. I'll keep watching this thread.

-spiders96

Hmm... The torrentprivacy client is sending out UDP packets on port 2222 and I see machines out there trying to contact me on port 2222. I think this is DHT traffic so I disabled DHT and blocked outgoing port 2222 traffic in my firewall to see if it "goes away". I don't know what info is contained in DHT traffic but obviously my IP is leaking out.
:-(
I emailed them a couple hours ago but so far no response. I'll update you all if I hear from them and/or I verify that turning off DHT gets my computer to stop reporting my IP to the world.

Hey again. I found out that uTorrent doesn't proxy DHT UDP packets so torrentprivacy's proxy never gets them - they go right out with your real IP. Disabling DHT should prevent your IP from being broadcast. Their proxy is a socks4 on 127.0.0.1 (localhost) and port 2222 (they also use port 2222 as the bittorrent port). I was able to get uTorrent 1.8.1 to use their proxy so I don't know why they insist on using that old 1.7.5 version?

RoadRange,

Thanks for the info. I went into the preferences and unchecked the "Enable DHT Network" and "Enable DHT for New Torrent" boxes. Are there any other special settings that need to be changed for this?

Thanks.

-spiders96

Originally posted by spiders96:

---

Are there any other special settings that need to be changed for this?

---

I think that does it but I've only been looking at this for a day. I also noticed that the "incoming connection status" thing on the bottom that turns red, yellow, or green was modified in their version of 1.7.5 utorrent. In version 1.8.1 it is now a red circle that pops up as "listen error". If you change the port so it isn't the same as the proxy (2222) it goes to a yellow triangle. I suspect this service doesn't support incoming connections and they covered that up by messing with the indicator in their version of uTorrent. Between no DHT and no incoming connections things are gonna get a bit slow I think? No big deal for what I use it for - except on torrents with few peers and seeds DHT can often get it done when the trackers don't.

RoadRange, thanks for the help with this.

I've been using the service for about 2 weeks now, and the speeds seem to be OK. Some torrents have download speeds in excess of 150 kb/s, while others are much lower. The speeds seem to be relatively consistent with the speeds I was getting prior to using this service. It may be a little slower, but if it actually helps hide my IP then the slight speed sacrifice will be worth it.

-spiders96

I was still getting a LOT of connection attempts on the uTorrent port - both the port I was presently using and the one I was using before I installed torrentprivacy. It would seem that once you've given out you IP to a tracker it continues to dish it out to the world for several days. I changed to a different port just so I could verify that my IP was no longer being "advertised" and my firewall has not seen anyone try to connect to my new port - Woo Hoo! I too am happy enough with the speeds I see. Even though I seem to not be accepting incoming connections via the proxy and have disabled DHT I seem to be getting as good as before.
BTW I also checked out http://www.relakks.com as they give you a free 30 day trial - they are a full VPN service so will work with DHT but I'm not sure if incoming connections work? There is also http://btguard.com but I'm not sure how that one works? The only problem with the VPN services is that I observed the Relakks VPN go down and uTorrent just went back to using my regular connection and thereby broadcasting my true IP to the world - not a good thing. Only takes a few seconds of that to "drop a dime" on yah. With torrentprivacy uTorrent just stops if the connection to them goes down. Also a VPN connection bypasses my hardware firewall and puts my competer right on the internet completely naked! Torrentprivacy doesn't expose you at all.

Great info RoadRange.

Thanks again for the help. I really appreciate it.

Has anyone else tried this service? I'm curious about the experience of other people.

I signed up because it sounded like exactly what I needed. I am tech literate but not an expert, so I'd love to hear other people's opinions on this.

The proxy does seem to hide your IP address to the tracker, I believe that, and also connects many of the peers through the SSH tunnel, but also seems to open a lot of connections to peers WITHOUT using the tunnel. Whether or not this is a problem I'm not sure, since the routes show up as not in use. I say this because of what netstat -n shows when I'm using the program:

TCP 192.169.1.100:2222 to 127.0.0.1:2222 ESTABLISHED
(which is their SSH tunnel traffic I believe)

TCP 192.169.1.100:2222 to xx.xxx.xx.xxx:xxxxx TIME_WAIT
(which is the alternate connections made, maybe not in use)

If I open their utorrent program, it also seems to connect to peers without the SSH tunnel interface running. So all in all, unless I have something set up wrong (they were defaults though), then I'm not sure what's up. I emailed them to ask and I'm awaiting response.

Maybe it'll be okay once peerguardian works in Vista. I've heard the RIAA just connects to trackers to get IPs, in which case you'd be okay, and even if they tried connecting to you PG could block it, so this might still work yes? :S

speedpsyc, you have to go to "options", "preferences", "bittorrent" and uncheck "Enable DHT Network", "Enable DHT for new torrents", "Enable Local Peer Discovery",and "Enable Peer Exchange". Those use UDP data packets that are NOT proxied and give your IP directly to other peers. A future release of uTorrent is supposed to also proxy these UDP transactions if the proxy supports it - TorrentPrivacy is using a Socks5 proxy that is capable of UDP proxy if the TorrentPrivacy folks have it configured to support it on their servers.

I had tried disabling all the peer exchange/DHT etc, but I still found a few connections made (but they were on torrents I had already started, probably why).

But once I did that, no download anymore. They claim the client comes fully configured for their secure system, and it won't work worth beans with these disabled, so I'm starting to lose hope.

Oh, and with default DHT on, I never saw any UDP connections made to my computer anyhow according to netstat. A LOT of TCP SSH connections popped up, which I believe was peer connections through them. I guess I'm wondering if the TIME_WAIT connections which were direct are a problem (and the few established ones..).

Yes, it takes longer to get the downloads started with DHT disabled, especially when there are few seeds and peers or the tracker(s) is(are) busy - have some patience, it will work eventually.

Is this a full on VPN or just a proxy service like BTGuard? Also do they still have the server in Netherland? Thanks.

Surf anonymous and safe with [url=http://www.vpntunnel.se/en/][/url]

Surf anonymously with an encrypted VPN tunnel and vpntunnel.se. This is possible because all traffic between your computer and our servers is encrypted, we are neither the provider, employer can read this traffic.

Vpntunnel.se uses OpenVPN to achieve maximum security in the network.

From our servers located in redundant data centers with multiple Gbit connections, you will have full access to the Internet as usual, the only difference is that you now use our VPN service is fully anonymous on the Internet. There is a huge difference, because all your activities, or so-called electronic tracks no longer be linked to you personally.

We have chosen to protect the privacy of our users. We achieve this by not logging traffic that would show what a given user has at a given time. It makes that we can not disclose any such information to third parties. With this we can promise that you surf anonymously with us.

Unlike many other VPN services as we support port forwarding fully. Through the control panel, you can then monitor how much traffic you have used up, extend your account and much more.

We strive to be the best VPN service provider.

You get 100 GB of traffic for only $7.